CyberArk is a popular enterprise password vault that helps you manage privileged credentials. Nessus can get credentials from CyberArk to use in a scan.

Option

Description

Username

The target system’s username.

Central Credential Provider Host

The CyberArk Central Credential Provider IP/DNS address.

Central Credential Provider Port

The port on which the CyberArk Central Credential Provider is listening.

CyberArk AIM Service URL

The URL of the AIM service. By default, this field uses /AIMWebservice/v1.1/AIM.asmx.

Central Credential Provider Username

If the CyberArk Central Credential Provider is configured to use basic authentication, you can fill in this field for authentication.

Central Credential Provider Password

If the CyberArk Central Credential Provider is configured to use basic authentication, you can fill in this field for authentication.

Safe

The safe on the CyberArk Central Credential Provider server that contained the authentication information you would like to retrieve.

CyberArk Client Certificate

The file that contains the PEM certificate used to communicate with the CyberArk host.

CyberArk Client Certificate Private Key

The file that contains the PEM private key for the client certificate.

CyberArk Client Certificate Private Key Passphrase

(Optional) The passphrase for the private key, if required.

AppId

The AppId that has been allocated permissions on the CyberArk Central Credential Provider to retrieve the target password.

Folder

The folder on the CyberArk Central Credential Provider server that contains the authentication information you would like to retrieve.

CyberArk Account Details Name

The unique name of the credential you want to retrieve from CyberArk.

Use SSL

If CyberArk Central Credential Provider is configured to support SSL through IIS check for secure communication.

Verify SSL Certificate

If CyberArk Central Credential Provider is configured to support SSL through IIS and you want to validate the certificate, select this option. Refer to the custom_CA.inc documentation for how to use self-signed certificates.